Accessibility links

Breaking News

Facebook Says It Blocked Hackers In Pakistan Active During Taliban Offensive

A Pakistani group was one of four “malicious” actors that Facebook disrupted.
A Pakistani group was one of four “malicious” actors that Facebook disrupted.

Facebook says it took action earlier this year to block hackers from Pakistan who targeted people tied to Afghanistan's former government and security forces in the months leading up to the Taliban’s seizure of power in August.

Facebook said on November 16 that the Pakistani group was one of four “malicious” groups it disrupted by disabling their accounts, blocking their domains from appearing on Facebook, alerting people it believed were targeted, and sharing information with other social-media platforms.

The other three were from Syria and targeted opposition or government critics and humanitarian organizations in that war-torn country.

The Pakistan-based group, known as SideCopy, targeted people who were connected to the previous Afghan government, military, and law enforcement in Kabul, according to cybersecurity officials at Meta, Facebook’s parent company.

“This malicious activity had the hallmarks of a well-resourced and persistent operation while obfuscating who’s behind it,” the official said in a news release on November 16.

Meta did not describe what the ultimate motive appeared to be but said the campaign ramped up between April and August by primarily sharing links to websites hosting malware.

The group’s tactics also included "romantic lures" used to build trust with potential targets and get them to click on phishing links or download malicious chat applications.

“They operated fake app stores and also compromised legitimate websites to host malicious phishing pages to manipulate people into giving up their Facebook credentials,” Meta said in describing some of SideCopy’s tactics.

Similar to the campaign from Pakistan, the Syrian campaign primarily targeted people using social-engineering tactics to trick them into clicking on links or downloading malicious software.

The company did not provide figures on the number of accounts potentially affected or the nature of the information hacked.

With reporting by AFP
  • 16x9 Image


    RFE/RL journalists report the news in 27 languages in 23 countries where a free press is banned by the government or not fully established. We provide what many people cannot get locally: uncensored news, responsible discussion, and open debate.

RFE/RL has been declared an "undesirable organization" by the Russian government.

If you are in Russia or the Russia-controlled parts of Ukraine and hold a Russian passport or are a stateless person residing permanently in Russia or the Russia-controlled parts of Ukraine, please note that you could face fines or imprisonment for sharing, liking, commenting on, or saving our content, or for contacting us.

To find out more, click here.